The Access Control Matrix, or Access Matrix, is an abstract, formal security model used in computer systems that characterizes the rights of each subject with respect to every object in the system. It was first introduced by Lampson in 1971.
According to the model, a computer system consists of a set of objects O, the set of entities that need to be protected (e.g. processes, files, memory pages), and a set of subjects S, which consists of all active entities (e.g. users, processes). Further, there exists a set of rights R of the form r(s,o), where , and . A right thereby specifies the kind of access a subject is allowed to perform with regard to an object.
In this matrix example there exist two processes, a file and a device. The first process has the ability to execute the second, read the file and write some information to the device, while the second process can only send information to the first.
| | process 1 | process 2 | file | device |
|---|---|---|---|---|
| process 1 | read, write, execute, own | execute | read | write |
| process 2 | read | read, write, execute, own | | |
The Access Control Matrix is the elementary abstraction mechanism in computer security. Because it does not define the granularity of protection mechanisms, it can be used to express any access control security policy. As a concrete model used by a system for access control decisions it is less usable, because of its memory requirements and static properties. As security mechanisms, capability lists and access control lists are alternatives, which can be thought of as the rows and columns of the access control matrix, respectively.
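The following added example (not part of the original article) encodes the matrix from the table above in Python and derives an object's access control list as a column and a subject's capability list as a row. The function names and the sparse dictionary layout are illustrative assumptions.

```python
# Constructed from the example table above; stored sparsely (non-empty cells only).
SUBJECTS = ["process 1", "process 2"]
OBJECTS = ["process 1", "process 2", "file", "device"]
MATRIX = {
    ("process 1", "process 1"): {"read", "write", "execute", "own"},
    ("process 1", "process 2"): {"execute"},
    ("process 1", "file"): {"read"},
    ("process 1", "device"): {"write"},
    ("process 2", "process 1"): {"read"},
    ("process 2", "process 2"): {"read", "write", "execute", "own"},
}

def allowed(matrix, subject, obj, right):
    """Access decision: default deny when the cell is empty or absent."""
    return right in matrix.get((subject, obj), set())

def acl(matrix, obj):
    """Column view: for one object, the rights each subject holds on it."""
    return {s: set(r) for (s, o), r in matrix.items() if o == obj and r}

def capability_list(matrix, subject):
    """Row view: for one subject, the rights it holds on each object."""
    return {o: set(r) for (s, o), r in matrix.items() if s == subject and r}

def from_acls(acls):
    """Rebuild the matrix from per-object ACLs; both views hold the same data."""
    return {(s, o): set(r) for o, col in acls.items() for s, r in col.items()}

def empty_cells(matrix, subjects, objects):
    """Cells a dense |S| x |O| table would allocate although they hold no right."""
    return [(s, o) for s in subjects for o in objects if not matrix.get((s, o))]

if __name__ == "__main__":
    print("process 1 may read file:", allowed(MATRIX, "process 1", "file", "read"))
    print("process 2 may read file:", allowed(MATRIX, "process 2", "file", "read"))
    print("ACL of file:", acl(MATRIX, "file"))
    print("Capabilities of process 2:", capability_list(MATRIX, "process 2"))
    print("Empty cells in a dense table:", empty_cells(MATRIX, SUBJECTS, OBJECTS))
```

Storing only the non-empty cells, or only the per-object columns or per-subject rows, avoids allocating the empty cells that a full matrix would carry.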
- Butler W. Lampson, Protection; Proceedings of the 5th Princeton Conference on Information Sciences and Systems, Princeton, 1971, p.437.
- Matt Bishop, Computer security - art and science; Addison-Wesley, 2003, ISBN 0-201-44099-7